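---
# CI workflow: fetch the published Nginx WAF rule set, splice it together with
# the repository's tests/nginx.conf, and run `nginx -t` inside a container to
# confirm that the combined configuration parses.
name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

jobs:
  validate-nginx:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): `@v3` is a mutable tag; pinning to a full commit SHA
        # would make the checked-out action immutable against tag moves.
        uses: actions/checkout@v3

      - name: Download WAF rules
        # The archive comes from a moving "latest" release and is used without
        # any checksum or signature verification, so the rules under test are
        # whatever the upstream release currently serves.
        # TODO(review): verify against a published checksum once one exists.
        run: |
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip

      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          # Non-fatal so the dedicated verification step below can report a
          # missing directory with a clear message instead of a bare `ls` error.
          ls -lh waf_rules/waf_patterns/nginx/ || true

      - name: Verify WAF rules extraction
        run: |
          if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
            echo "Error: WAF rules directory not found after extraction!"
            exit 1
          fi
          # Fail early when the directory exists but holds no rule files.
          if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
            echo "Contents of waf_rules/waf_patterns/nginx/:"
            ls -l waf_rules/waf_patterns/nginx/
            exit 1
          fi

      - name: Verify nginx.conf exists
        run: |
          if [ ! -f "tests/nginx.conf" ]; then
            echo "Error: tests/nginx.conf not found in the repository!"
            exit 1
          fi

      - name: Separate map directives from WAF rules
        # `map` must live directly in the http context, so those lines are
        # pulled out and included separately from the rules that are wrapped
        # in a server block in the next step.
        # NOTE(review): only single-line `map` directives are captured; a
        # multi-line `map { ... }` block would be split across both files —
        # confirm against the rule format shipped in nginx_waf.zip.
        run: |
          # Extract map directives into a separate file (grep exits 1 when
          # nothing matches, which is not an error here).
          grep -h "map " waf_rules/waf_patterns/nginx/*.conf > map_directives.conf || true
          echo "Extracted map directives into map_directives.conf"
          echo "Contents of map_directives.conf:"
          cat map_directives.conf
          # Keep every remaining rule line. `-h -v` emits the non-matching
          # lines themselves; `-L` would have emitted only file names, which
          # then landed inside the server block as bogus directives.
          grep -hv "map " waf_rules/waf_patterns/nginx/*.conf > waf_rules_without_map.conf || true
          echo "WAF rules without map directives:"
          cat waf_rules_without_map.conf

      - name: Merge WAF rules into a single file with a server block
        run: |
          # Wrap the rule lines in a server block so directives that are only
          # valid in server/location context can be parsed.
          {
            echo "server {"
            cat waf_rules_without_map.conf
            echo "}"
          } > merged_waf_rules.conf
          echo "Merged WAF rules into merged_waf_rules.conf"
          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf

      - name: Combine Nginx configuration
        # Paths are the in-container locations used by the docker run step.
        # NOTE(review): this assumes tests/nginx.conf is an http-context
        # fragment (server/location blocks), not a full top-level config —
        # confirm, otherwise `nginx -t` will reject the nested events/http.
        run: |
          cat > temp_nginx.conf <<'EOF'
          events {
              worker_connections 1024;
          }
          http {
              include /etc/nginx/map_directives.conf;
              include /etc/nginx/merged_waf_rules.conf;
              include /etc/nginx/tests/nginx.conf;
          }
          EOF
          echo "Combined Nginx configuration:"
          cat temp_nginx.conf

      - name: Validate Nginx configuration using Docker
        # Mount the generated files read-only and run a syntax check only;
        # no server is started.
        # NOTE(review): the untagged `nginx` image resolves to `latest`, so the
        # nginx version doing the validation changes over time; pin a tag (or
        # digest) if reproducible results matter.
        run: |
          docker run --rm \
            -v "$(pwd)/map_directives.conf:/etc/nginx/map_directives.conf:ro" \
            -v "$(pwd)/merged_waf_rules.conf:/etc/nginx/merged_waf_rules.conf:ro" \
            -v "$(pwd)/tests/nginx.conf:/etc/nginx/tests/nginx.conf:ro" \
            -v "$(pwd)/temp_nginx.conf:/etc/nginx/nginx.conf:ro" \
            nginx nginx -t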